Attacks attempting to gain unauthorized access to user accounts, such as a brute force attack repeatedly attempting to log into a user account of a service provider, are common in today's web-based infrastructure. In response, service providers have tried to implement measures to monitor for such attacks and take defensive measures.